stottle Posted September 7, 2021

I've followed Spaceinvaderone's video for setting up SWAG, but the docker container is giving an error:

Requesting a certificate for <mySubDomain>.duckdns.org
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: <mySubDomain>.duckdns.org
Type: unauthorized
Detail: Invalid response from http://<mySubDomain>.duckdns.org/.well-known/acme-challenge/U9o-N70woR3z5jnFl0cEVPWd711PJT8SAqRPiZLYAXc [<My IP>]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.

I have two gateways, AT&T for ISP and a Google WiFi mesh, but I believe I have the port forwarding correct. Two reasons for this.
1) I can see my Plex server, so the two hop forwarding to that container is working
2) I was getting timeout errors in the log, but those have now changed to this unauthorized/404 error.

For SWAG, I have AT&T forward 80 and 443 directly (the only option I saw), and Google changing the ports to 180 and 1443. SWAG is set up for 180 and 1443. I'm trying to get http auth working as that seemed like the best place to start. I need to understand the other options better, too. Any tips for debugging?

isaac.olsen94 Posted September 10, 2021

On 11/9/2020 at 10:59 PM, LifeBasher said:
> Hi, I'm trying to get swag to reverse proxy to my vm in unraid. I used spaceinvader video to set it up at start but now when I'm trying to send to the vm, the log gives me this... Anyone has any idea? I mean it works great when I'm using it on docker but I can't get it to send it to my vm. Thanks for any help.
> P.S. I actually want to send it to a vm for nextcloud instead of using a docker for it.
>
> 2020/11/10 00:45:08 [error] 431#431: *63 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 66.70.148.95, server: myServer.*, request: "GET /favicon.ico HTTP/2.0", upstream: "https://192.168.8.13:443/favicon.ico", host: "myHost", referrer: "https://myHost/"

Did you ever get this figured out? I'm also trying to pass through Ubuntu VM running Nextcloud.

stottle Posted September 19, 2021

On 9/7/2021 at 12:58 PM, stottle said:
> I have two gateways, AT&T for ISP and a Google WiFi mesh, but I believe I have the port forwarding correct. Two reasons for this.
> 1) I can see my Plex server, so the two hop forwarding to that container is working
> 2) I was getting timeout errors in the log, but those have now changed to this unauthorized/404 error.
>
> For SWAG, I have AT&T forward 80 and 443 directly (the only option I saw), and Google changing the ports to 180 and 1443. SWAG is set up for 180 and 1443. I'm trying to get http auth working as that seemed like the best place to start. I need to understand the other options better, too. Any tips for debugging?

The error turned out to be a mismatch in ports between the two routers (mixing which was internal vs. external).

Also, to the earlier person who mentioned still getting "insecure" messages due to having staging set to `true` - thanks, I hit that as well.

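
The two-router setup described in the post above can be checked on paper by following each public port through every hop. This is an added example, not code from the thread or from SWAG; the `Hop` class, the hop names and the swapped rule set are constructed for illustration, and the thread does not say which router held the wrong rule.

```python
# Added example (not from the thread): trace a public port through chained
# port-forward hops down to the port the container listens on.
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    name: str
    forwards: dict  # port the hop receives -> port it hands to the next hop


def trace(hops, public_port):
    """Return (final_port, path); final_port is None where the chain breaks."""
    port, path = public_port, []
    for hop in hops:
        if port not in hop.forwards:
            path.append(f"{hop.name}: no rule for incoming port {port}")
            return None, path
        path.append(f"{hop.name}: {port} -> {hop.forwards[port]}")
        port = hop.forwards[port]
    return port, path


def check_chain(hops, expected):
    """expected: public port -> container port. Returns {public_port: path} for failures."""
    failures = {}
    for public, inside in expected.items():
        final, path = trace(hops, public)
        if final != inside:
            failures[public] = path
    return failures


# What must hold for HTTP validation and HTTPS to reach SWAG.
EXPECTED = {80: 80, 443: 443}

# Values from the posts: AT&T passes 80/443 through, Google remaps to 180/1443,
# and the container is published with -p 180:80 -p 1443:443.
WORKING = [
    Hop("AT&T gateway", {80: 80, 443: 443}),
    Hop("Google WiFi", {80: 180, 443: 1443}),
    Hop("Docker publish", {180: 80, 1443: 443}),
]

# Constructed failure: external and internal ports swapped on the second router.
SWAPPED = [
    Hop("AT&T gateway", {80: 80, 443: 443}),
    Hop("Google WiFi", {180: 80, 1443: 443}),
    Hop("Docker publish", {180: 80, 1443: 443}),
]

if __name__ == "__main__":
    for label, chain in (("working", WORKING), ("swapped", SWAPPED)):
        failures = check_chain(chain, EXPECTED)
        print(label, "OK" if not failures else failures)
```
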
Huongalt Posted September 20, 2021

On 5/6/2021 at 4:38 PM, tetrapod said:
> I had the same issue and I think, if I remember correctly, that Spaceinvader's video didn't mention that you had to turn off proxy for the subdomain CNAME record. Maybe this worked differently before at Cloudflare? But when I turn on "proxied" for any CNAME that URL will no longer point to my server, it will point to a cloudflare server. How this proxy via Cloudflare is supposed to work I do not know. I can keep "proxied" on for my A records though

Anyone ever get to the bottom of this?

BurntOC Posted September 20, 2021

I searched this thread and generally online for an answer to this, but I don't see it or I missed it. I've been running swag to front end a couple of dozen containers for a year or so and it has worked great. I tried adding another one today and I went to ssh into it to modify the config file and I'm getting an error that the target actively refused it. I've made no changes to my network, and I've restarted the container and even rebooted Unraid but I'm still getting the same error.

Any ideas on what I might be missing?

NVM - Needed more coffee. I remembered I ssh into Unraid and then go to the appdata from there rather than ssh into the swag container IP.

Edited September 20, 2021 by BurntOC

zaker Posted September 20, 2021

Ain't nobody got time to troll thru 228! pages of messages to figure out how to use swag with zerossl on unraid. Looks like linuxserver.io even spends precious little describing what is needed for zerossl. I did find that the github link for docker-swag has a little info though! There has got to be a better way to support it than this forum.

altyne Posted September 24, 2021

Need help. I have an error while installing the docker swag: I cannot see the logs since after installation and running the docker setup remove the image. But I see the commands generated:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='swag' --net='proxynet' -e TZ="Europe/Madrid" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='myownadomain.com' -e 'SUBDOMAINS'='cloud' -e 'ONLY_SUBDOMAINS'='false' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'
8234a2c63b968ed9a9ee04b5d0f10e93352e6424393d2d9531ce27b587916872

altyne Posted September 24, 2021

1 hour ago, altyne said:
> Need help. I have an error while installing the docker swag: I cannot see the logs since after installation and running the docker setup remove the image. But I see the commands generated:
>
> root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='swag' --net='proxynet' -e TZ="Europe/Madrid" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='myownadomain.com' -e 'SUBDOMAINS'='cloud' -e 'ONLY_SUBDOMAINS'='false' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'
> 8234a2c63b968ed9a9ee04b5d0f10e93352e6424393d2d9531ce27b587916872

I resolved my issue; it was the port used. However, I have an issue again:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: cloud.myowndomain.com
Type: connection
Detail: Fetching http://cloud.myowndomain.com/.well-known/acme-challenge/MW0vkuKtEVdJrtPHQhH-_BqvajZK31sTq18SZuk2qug: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

altyne Posted September 25, 2021

On 9/24/2021 at 4:01 PM, altyne said:
> I resolved my issue; it was the port used. However, I have an issue again:
>
> Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
> Domain: cloud.myowndomain.com
> Type: connection
> Detail: Fetching http://cloud.myowndomain.com/.well-known/acme-challenge/MW0vkuKtEVdJrtPHQhH-_BqvajZK31sTq18SZuk2qug: Timeout during connect (likely firewall problem)
> Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
> Some challenges have failed.
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I managed to install the SSL via cloudflare. However, my router blocks port 80 and showing the router web admin page? Did ignore port forwarding ?

internet -> router (port 80 forwarded -> unraid server port 192.168.x.x:180 -> nextcloud : 80)
internet -> router (blocks here returns web admin page from router)?

sloob Posted September 25, 2021

Like many people here I followed spaceinvader one guide to give online access to nextcloud using a domain name. I followed his guide to the letter and everything seems to be working fine other than my router not supporting NAT reflection.

This means that I can only access my nextcloud GUI via my domain name using a VPN or when I'm away from home, which is fine by me, EXCEPT that I can no longer access my nextcloud GUI AT ALL on my home network, when I try to access it via localhost:444 it gets redirected to my domain name (nextcloud.mydomain.com). Is there a way I can retain the ability to connect to owncloud on my home network?

This problem is only with nextcloud, I can access sonarr with both my domain and my local ip depending on if I'm connected to my local network or not.

Edited September 25, 2021 by sloob

altyne Posted September 27, 2021

On 9/25/2021 at 4:19 PM, altyne said:
> I managed to install the SSL via cloudflare. However, my router blocks port 80 and showing the router web admin page? Did ignore port forwarding ?
>
> internet -> router (port 80 forwarded -> unraid server port 192.168.x.x:180 -> nextcloud : 80)
> internet -> router (blocks here returns web admin page from router)?

It's working for me right now. What I did was disable the firewall settings built into my router and the upnp options.

Well, looks like this thread is like a rant and nobody cares to read 228 pages. What a bummer.

What I observed is that SpaceInvaderOne's guides are still good but most are outdated unless he updated them in the comment section. For others' content, you can follow it but you should be cautious because settings will likely not be compatible with the latest version.

Some tips and gotchas I've observed: you can get the instructions inside the cnf/config files, in the comments. Also read the author's documentation/wiki guides on how to configure. Unraid server (particularly docker) just presents the configuration on the screen and eventually submits it to the command line. You can read the author's guide or click the question mark in the top right of the screen, below your username, to see some valid values and tips.

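
The two Certbot failures quoted in this thread differ in the `Type:` field, which separates "nothing answered on port 80" from "something other than Certbot answered". Added example, not part of any post and not Certbot's own code: a small parser for that report, with a constructed sample log and a cause mapping that is an assumption drawn from the two cases reported above.

```python
# Added example (not from the thread): pull the per-domain problems out of
# Certbot's failure report and map them to the causes reported in this thread.
import re

PROBLEM_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\w+)\s+Detail:\s*(?P<detail>.*?)"
    r"(?=\s+Domain:|\s+Hint:|\Z)",
    re.DOTALL,
)
URL_RE = re.compile(r"https?://[^\s/]+/\.well-known/acme-challenge/[\w-]+")


def parse_problems(output):
    """Works on multi-line logs and on logs flattened to one line."""
    problems = []
    for m in PROBLEM_RE.finditer(output):
        detail = " ".join(m.group("detail").split())
        url = URL_RE.search(detail)
        problems.append({
            "domain": m.group("domain"),
            "type": m.group("type"),
            "url": url.group(0) if url else None,
            "detail": detail,
        })
    return problems


def likely_cause(problem):
    """Heuristic (an assumption, based on the two cases in this thread)."""
    if problem["type"] == "connection":
        return "port 80 unreachable: firewall or missing forward"
    if problem["type"] == "unauthorized" and re.search(r"\b404\b", problem["detail"]):
        return "port 80 answered by another web server: check forward targets"
    return "unclassified: read /var/log/letsencrypt/letsencrypt.log"


# Constructed sample in the same shape as the logs quoted above
# (example.org names, a documentation IP and made-up tokens).
SAMPLE = (
    "Certbot failed to authenticate some domains (authenticator: standalone). "
    "The Certificate Authority reported these problems:\n"
    "  Domain: a.example.org\n  Type:   unauthorized\n"
    "  Detail: Invalid response from http://a.example.org/.well-known/"
    "acme-challenge/TOKEN-ONE [203.0.113.7]: \"<html>\\r\\n<head><title>404 Not Found"
    "</title></head>\"\n"
    "  Domain: b.example.org Type: connection Detail: Fetching http://b.example.org/"
    ".well-known/acme-challenge/TOKEN-TWO: Timeout during connect (likely firewall problem)\n"
    "Hint: The Certificate Authority failed to download the challenge files.\n"
)

if __name__ == "__main__":
    for p in parse_problems(SAMPLE):
        print(p["domain"], p["type"], "->", likely_cause(p))
```
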
Carlos Posted September 30, 2021

Hi there folks! Today an expired certificate error message from my Win10 Nextcloud client hit me when I logged in. Looking around I found this, should I click "Trust this certificate anyway" and forget about it or should I change something in my SWAG config? Thanks

joecool169 Posted September 30, 2021

32 minutes ago, Carlos said:
> Hi there folks! Today an expired certificate error message from my Win10 Nextcloud client hit me when I logged in. Looking around I found this, should I click "Trust this certificate anyway" and forget about it or should I change something in my SWAG config? Thanks

I'm having this untrusted certificate issue with nextcloud. Just started today for me as well.

Akuno Posted October 1, 2021

23 hours ago, Carlos said:
> Hi there folks! Today an expired certificate error message from my Win10 Nextcloud client hit me when I logged in. Looking around I found this, should I click "Trust this certificate anyway" and forget about it or should I change something in my SWAG config? Thanks

Same for me here.

Omri Posted October 1, 2021

Hi

what is the procedure to issue "ISRG Root X1"?

private dns on android stopped working yesterday with the default one

used this with Adguard Home

see here for details https://forum.xda-developers.com/t/all-devices-private-dns-broken-with-lets-encrypt-even-on-new-devices.4341355/

Omri Posted October 2, 2021

13 hours ago, Omri said:
> Hi
> what is the procedure to issue "ISRG Root X1"?
> private dns on android stopped working yesterday with the default one
> used this with Adguard Home
> see here for details https://forum.xda-developers.com/t/all-devices-private-dns-broken-with-lets-encrypt-even-on-new-devices.4341355/

Nevermind

"Solved" the issue by moving to zerossl

Carlos Posted October 2, 2021

On 9/30/2021 at 5:24 PM, Carlos said:
> Hi there folks! Today an expired certificate error message from my Win10 Nextcloud client hit me when I logged in. Looking around I found this, should I click "Trust this certificate anyway" and forget about it or should I change something in my SWAG config? Thanks

Nevermind, looks like it's fixed with the latest client update recently deployed.

Cheers

Meldrak Posted October 5, 2021

On 10/2/2021 at 11:00 AM, Omri said:
> Nevermind
> "Solved" the issue by moving to zerossl

Solved for me too after switching to zerossl

dfox1787 Posted October 5, 2021

Hi,

Has something changed on swag recently? It's been working fine and nothing has changed on my FW or network. Now I am getting this error:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Konfitüre Posted October 7, 2021

On 10/2/2021 at 1:02 PM, Carlos said:
> Nevermind, looks like it's fixed with the latest client update recently deployed.
> Cheers

For me it is not solved. I still have the problem with nextcloud and joplin. How can I remove the "DST Root CA X3"?

Tosh6072 Posted October 7, 2021

I had my Swag docker still failing with the Letsencrypt cert renewal. My issue renewing was caused by Cloudflare proxying the traffic. I turned off Proxying for my A and CNAME records (under the DNS tab in Cloudflare). I then restarted docker and it came right. I could then go back to Cloudflare and turn the Proxying back on. Hope this may help someone else.

dfox1787 Posted October 7, 2021

On 10/5/2021 at 8:51 AM, dfox1787 said:
> Hi,
> Has something changed on swag recently? It's been working fine and nothing has changed on my FW or network. Now I am getting this error:
>
> Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
> Some challenges have failed.
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Restored a backup, all working now. Thanks for the help.....

Edited October 7, 2021 by dfox1787

galluno Posted October 8, 2021

Hi! I'm trying to host my own git server, using Gitea combined with SWAG. I followed @SpaceInvaderOne's guide on how to add reverse proxies for select applications. I think I did it right, as I get to an error page, saying Error 403 Permission Denied; SWAG redirects the traffic "correctly", but I can't figure out what I configured wrongly. Could someone help me?

app.ini is Gitea's own config.

gitea.subdomain.conf

bat2o Posted October 8, 2021

On 9/25/2021 at 2:23 PM, sloob said:
> EXCEPT that I can no longer access my nextcloud GUI AT ALL on my home network, when I try to access it via localhost:444 it gets redirected to my domain name (nextcloud.mydomain.com). is there a way I can retain the ability to connect to owncloud on my home network?

I have the same issue, where my router doesn't allow NAT loopback or hairpinning. To access nextcloud on my home network, type the localhost:444, which then redirects it to the nextcloud.mydomain.com (like you indicated). After that first redirect I change the "nextcloud.mydomain.com" with "localhost:444" in the url and it works.

Edited October 8, 2021 by bat2o

Abigel Posted October 11, 2021

On 10/7/2021 at 10:24 AM, Konfitüre said:
> For me it is not solved. I still have the problem with nextcloud and joplin. How can I remove the "DST Root CA X3"?

Same issue. Can somebody help?